General

  • Target

    14a22147f785b02355dcbae21f3f39f0fd787c584ea2083398f1dd7b80e322e9

  • Size

    58KB

  • Sample

    220212-fc85aagbc3

  • MD5

    dea0ae6cf9c426301b9b927c22f60c7d

  • SHA1

    e589c3d0383223b9e8f429f0f93d4885dcab073f

  • SHA256

    14a22147f785b02355dcbae21f3f39f0fd787c584ea2083398f1dd7b80e322e9

  • SHA512

    1a607217fadb464560edac6e4a25c71753e2ffadacd6b3a68c77baa4a0519111e119cdae71c673c8166bb5a0ec72d3439d918fdf1ca7497b84853b46209d3c2b

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
